1. Field of the Invention
The invention relates to downloading of files into secure input terminals, i.e., terminals which enable a customer to input information, and which process and transmit the information to an external computer for verification. The information processed by the terminal may include credit or debit card data read by a magnetic stripe reader, personal identification numbers (PINs) manually input through a keypad, biometric data such as fingerprints, and so forth. The files downloaded to the terminal may be application programs, encryption keys or certificates, or other programs for enabling the terminal to carry out data input, processing, and communications functions.
More particularly, the system and method of the invention relate to safeguarding the encryption keys used to digitally sign, and thereby authenticate, files to be downloaded into the terminal, by using a smartcard to prevent the signer from gaining access to the keys, and by using one or more PINs to limit access to smartcard functions.
In a preferred embodiment of the invention, each file to be downloaded to the terminal is signed by the “private key” of a public-private key cryptosystem. The private key is stored in the memory of the smartcard and is accessible only, upon entry of one or more PINs, through an embedded processor that performs all signing operations requiring the private key; the key itself is never exported from the smartcard. A signer certificate containing the corresponding public key is also stored on the smartcard and appended to the file during the digital signing operation, and the signed file is downloaded together with the signer certificate to a terminal. The terminal first authenticates the signer certificate using a higher-level public key certificate resident in the terminal, and then authenticates the digital signature on the file using the public key contained in the signer certificate.
The method and system of the invention thus protect the private key used to sign the files (i) by employing PINs to limit access to the signing procedure, and (ii) by ensuring that the entity that signs the files never has access to the private key. Because the private key never leaves the smartcard, it cannot be duplicated during signing, while the use of multiple PINs enables smartcard access to be limited to multiple individuals working in concert, and/or enables establishment of multiple access levels so that less trusted individuals can be limited to certain types of file downloads.
2. Description of Related Art
Systems and methods for authenticating files to be downloaded to terminals, and in particular to point-of-sale or user identification terminals, are well-known. Such authentication is in general required in any terminal designed to handle sensitive information such as credit or debit card numbers, PINs associated with the credit or debit cards, and security codes, passwords, or biometric information. Given the pervasiveness of such terminals, the interconnectivity of the terminals, and the value of the data involved, the loading of a single rogue program designed to misappropriate data within the terminal, or to use the terminal as a means for accessing computers and databases connected to the terminal, could have catastrophic consequences.
The problem of unauthorized or rogue software can of course be entirely prevented by simply pre-installing all necessary software and files, and subsequently preventing loading of any program into a terminal after installation at a point-of-sale or other location. However, this would effectively prevent owners of the terminals from customizing or updating the software that controls the terminals, necessitating replacement of the entire terminal whenever changes needed to be made. As a result, it is highly desirable, despite the potential risk, to permit loading of software into terminals following installation.
The most effective way to prevent unauthorized loading of files into a terminal is through file authentication, and in particular through use of digital signing and certification techniques, in which the files to be loaded are signed using a secret key, and the resulting digital signature is verified to determine whether it was in fact produced with that secret key. The secret key in question can either be a shared secret key, in which case verification must be carried out with the same key, previously loaded into the terminal, or a private key, in which case verification is carried out with the corresponding public key, conventionally provided in the form of a “signer's certificate,” that can either be pre-installed in the receiving terminal or appended to the digitally signed file. The signer's public key certificate conveniently may contain not only the public key, but also the information necessary to use the public key to verify the signature, and optional additional information such as limitations or instructions on use of the attached file. If the signer's public key certificate is not already pre-installed in the terminal, it must itself be digitally signed and authenticated by an additional public key certificate, referred to herein as an “owner” or “sponsor” certificate, but this does not detract from the portability of the signer certificate. Public-key signing is much more versatile than shared-secret authentication because an unlimited number of different signers, each with its own private key, can be accommodated without having to pre-load a corresponding number of keys in the terminal.
A potential weakness of such an authentication system lies in protection of the private key used to sign the files. Currently, private keys and corresponding signer certificates are supplied to the signer on disks or via secured communications, and protected during transit by encryption using a password or PIN sent separately to the signer. When a digital signature is required, the PIN is entered and verified, and the private key is decrypted into the memory of a general-purpose computing device, which performs the computations necessary to generate the digital signature. While it is held in clear form on that device, the private key is vulnerable to duplication. This may occur because the legitimate holder of the PIN that permits decryption of the key is untrustworthy, or because the PIN has been stolen.
The conventional approach to the problem of key security during signing is to establish strict security procedures at the location where signing takes place, including background investigations of personnel, and limitations on access to equipment and PINs. Nevertheless, as repeated cases of security breaches in the FBI and even the CIA have demonstrated, it is essentially impossible to ensure either the trustworthiness of personnel or adherence to security procedures. While the use of PINs is desirable to limit access to the signing process, it is not a complete solution to the problem. Instead, the only way to completely ensure that the signer, or an agent or employee of the signer, cannot copy a private key is to ensure that the signer never has access to the private key.
As a result, the present invention takes a two-pronged approach to the problem of protecting private keys during signing. The first prong involves improved PIN security through the use of multiple PINs, and the second prong involves limiting the damage in case PIN security is nevertheless breached, by preventing access to the private key even during the signing process.
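The following Go program is an added illustration and is not part of the patent text or of any product it describes. It models the preferred embodiment described under the Field of the Invention together with the two-pronged approach just stated: a smartcard whose private key is an unexported field that no operation returns, a signing operation gated by per-role PINs so that an "application" file needs one individual's PIN while a "key" file needs the PINs of two individuals acting in concert, a signer certificate authenticated by a sponsor (owner) public key resident in the terminal, and the terminal's check of the certificate before the file signature. Ed25519 is assumed as the public-private cryptosystem (the text names none), the roles, PINs, file classes and policy are constructed sample values, and the smartcard is simulated in software rather than being a real token.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"slices"
	"strings"
)

// SignerCert binds a signer public key to the file classes it may sign, under the sponsor's signature.
type SignerCert struct {
	SignerPub  ed25519.PublicKey
	Allowed    []string // sample classes used here: "application", "key"
	SponsorSig []byte
}

// lv prefixes a field with its length so concatenated fields cannot be re-split ambiguously.
func lv(b []byte) []byte { return append([]byte(fmt.Sprintf("%08x", len(b))), b...) }

// tbs is the "to be signed" certificate body, tagged so it can never collide with a file message.
func (c SignerCert) tbs() []byte {
	return append(lv([]byte("cert:"+strings.Join(c.Allowed, ","))), lv(c.SignerPub)...)
}

// fileMessage binds the file class into the signed message, so a signature over an
// application image cannot be replayed as a key download.
func fileMessage(class string, file []byte) []byte { return append(lv([]byte("file:"+class)), lv(file)...) }

// SmartCard models the token: priv is unexported, no method returns it, and Sign is its only use.
type SmartCard struct {
	priv    ed25519.PrivateKey
	cert    SignerCert
	pinHash map[string][32]byte // role -> SHA-256 of that role's PIN
	policy  map[string][]string // file class -> roles whose PINs are all required
}

// NewSmartCard generates the signer key pair on the card, has the sponsor sign the
// certificate, and stores only PIN digests. The private key never leaves the card.
func NewSmartCard(sponsorPriv ed25519.PrivateKey, allowed []string, pins map[string]string, policy map[string][]string) (*SmartCard, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert := SignerCert{SignerPub: pub, Allowed: allowed}
	cert.SponsorSig = ed25519.Sign(sponsorPriv, cert.tbs())
	card := &SmartCard{priv: priv, cert: cert, pinHash: map[string][32]byte{}, policy: policy}
	for role, pin := range pins {
		card.pinHash[role] = sha256.Sum256([]byte(pin))
	}
	return card, nil
}

// Sign releases a signature only when every PIN the policy names for this class is present
// and correct; it returns the signature and the signer certificate, never the key.
func (c *SmartCard) Sign(pins map[string]string, class string, file []byte) ([]byte, SignerCert, error) {
	roles, ok := c.policy[class] // a class absent from the policy must fail closed
	if !ok {
		return nil, SignerCert{}, fmt.Errorf("card policy does not permit class %q", class)
	}
	for _, role := range roles {
		got, want := sha256.Sum256([]byte(pins[role])), c.pinHash[role]
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			return nil, SignerCert{}, fmt.Errorf("PIN for role %q missing or wrong", role)
		}
	}
	return ed25519.Sign(c.priv, fileMessage(class, file)), c.cert, nil
}

// Terminal holds only the pre-installed sponsor public key; the signer certificate arrives with each file.
type Terminal struct{ SponsorPub ed25519.PublicKey }

// Download authenticates the signer certificate against the sponsor key, checks the
// certificate's class limits, then verifies the file signature with the signer key.
func (t *Terminal) Download(class string, file, sig []byte, cert SignerCert) error {
	if !ed25519.Verify(t.SponsorPub, cert.tbs(), cert.SponsorSig) {
		return fmt.Errorf("signer certificate not authenticated by sponsor certificate")
	}
	if !slices.Contains(cert.Allowed, class) {
		return fmt.Errorf("signer certificate does not permit class %q", class)
	}
	if !ed25519.Verify(cert.SignerPub, fileMessage(class, file), sig) {
		return fmt.Errorf("file signature invalid")
	}
	return nil
}

// Provision builds a sponsor, a terminal trusting it, and a card whose "application" class needs
// the operator PIN and whose "key" class needs operator and officer PINs together (sample values).
func Provision() (*Terminal, *SmartCard, error) {
	sponsorPub, sponsorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	card, err := NewSmartCard(sponsorPriv, []string{"application", "key"},
		map[string]string{"operator": "1234", "officer": "9876"},
		map[string][]string{"application": {"operator"}, "key": {"operator", "officer"}})
	return &Terminal{SponsorPub: sponsorPub}, card, err
}

func main() {
	term, card, _ := Provision()
	sig, cert, err := card.Sign(map[string]string{"operator": "1234"}, "application", []byte("app image"))
	fmt.Println("sign:", err, "download:", term.Download("application", []byte("app image"), sig, cert))
}
```

Three properties are worth checking against any real deployment of this scheme. Sign fails closed: a file class missing from the card policy is refused rather than signed with no PIN at all. The file class is bound into the signed message, so a signature obtained with the single operator PIN on an application file is not accepted by the terminal as a key download. And a certificate whose public key or class list has been altered fails the sponsor check before the signer key it carries is ever used.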